Yammits

How do I empty the quarantine?

Malwarebytes' Anti-Malware 1.36 Database version: 2066 Windows 5.1.2600 Service Pack 3 5/1/2009 5:52:17 PM mbam-log-2009-05-01 (17-52-17).txt Scan type: Quick Scan Objects scanned: 95708 Time elapsed: 4 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\winglsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lmppcsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.36 Database version: 2063 Windows 5.1.2600 Service Pack 3 5/1/2009 11:21:40 AM mbam-log-2009-05-01 (11-21-35).txt Scan type: Quick Scan Objects scanned: 96065 Time elapsed: 8 minute(s), 5 second(s) Memory Processes Infected: 2 Memory Modules Infected: 5 Registry Keys Infected: 18 Registry Values Infected: 9 Registry Data Items Infected: 4 Folders Infected: 2 Files Infected: 19 Memory Processes Infected: C:\Documents and Settings\Tim\Local Settings\temp\xpre.tmp (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> No action taken. Memory Modules Infected: C:\WINDOWS\system32\saleluwo.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\foleleza.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\wisebiga.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\konemabo.dll (Trojan.Vundo.H) -> No action taken. C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> No action taken. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cb7ce8e-1098-4ff9-80e3-6afeacef5cd9} (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{4cb7ce8e-1098-4ff9-80e3-6afeacef5cd9} (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4cb7ce8e-1098-4ff9-80e3-6afeacef5cd9} (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken. KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dcd854cf (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmdfeb6753 (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\revoravuji (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pidle (Trojan.Downloader) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Trojan.Agent) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\foleleza.dll -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wisebiga.dll -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wisebiga.dll -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: C:\Documents and Settings\Tim\Application Data\pidle (Trojan.Agent) -> No action taken. C:\Program Files\Jcore (Trojan.BHO) -> No action taken. Files Infected: C:\WINDOWS\system32\saleluwo.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\owulelas.ini (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\foleleza.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\fabireze.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\konemabo.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\wisebiga.dll (Trojan.Vundo.H) -> No action taken. C:\Documents and Settings\Tim\Local Settings\temp\xpre.tmp (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> No action taken. C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> No action taken. C:\Documents and Settings\Tim\Application Data\pidle\pidle.exe (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\bogiviza.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\fiboduzu.dll.tmp (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\kutirata.dll.tmp (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\seduvumo.dll.tmp (Trojan.Vundo) -> No action taken. C:\Documents and Settings\Tim\Local Settings\temp\prun.tmp (Trojan.Downloader) -> No action taken. C:\Documents and Settings\Tim\Local Settings\temp\rasesnet.tmp (Trojan.Vundo) -> No action taken. C:\Documents and Settings\Tim\Local Settings\temp\__114.tmp (Trojan.Dropper) -> No action taken. C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\QD7CVPXS\156[1].net (Trojan.Dropper) -> No action taken. C:\Documents and Settings\Tim\Application Data\Twain\Twain.exe (Trojan.Agent) -> No action taken.

IE still seems infected and I'm getting multiple pop-ups RedZee search engine and a shield deluxe 2009 virus scan to name a few

ComboFix 09-04-30.05 - Tim 04/30/2009 19:49.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.158 [GMT -5:00] Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\uniq.tll . ((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 ))))))))))))))))))))))))))))))) . 2009-05-01 00:34 . 2009-05-01 00:34 -------- d-----w c:\program files\CCleaner 2009-04-28 00:44 . 2009-04-28 00:44 104960 -c--a-w c:\windows\system32\dllcache\userinit.exe 2009-04-22 01:29 . 2009-04-22 01:29 -------- d-----w c:\program files\Java 2009-04-20 02:09 . 2001-08-18 03:36 5632 ----a-w c:\windows\system32\ptpusb.dll 2009-04-20 02:09 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll 2009-04-20 02:07 . 2009-04-20 02:14 -------- d-----w c:\documents and settings\Tim\Application Data\Nikon 2009-04-20 01:48 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\URLs 2009-04-20 01:48 . 2009-04-20 02:14 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT 2009-04-20 01:37 . 2009-04-20 01:37 -------- d-----w c:\documents and settings\All Users\Application Data\Nikon 2009-04-20 01:37 . 2009-04-20 02:07 -------- d-----w c:\program files\Common Files\Nikon 2009-04-20 01:36 . 2009-04-20 01:49 -------- d-----w c:\program files\Nikon 2009-04-20 01:35 . 2009-04-20 02:15 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2009-04-20 01:35 . 2009-04-20 01:35 -------- d-----w c:\documents and settings\All Users\Application Data\Tables 2009-04-20 01:35 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15 2009-04-20 01:35 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp 2009-04-20 01:33 . 2009-04-20 01:33 -------- d-----w c:\program files\ArcSoft 2009-04-16 21:45 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-16 21:45 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe 2009-04-16 21:45 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-16 21:45 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-16 21:45 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-16 21:45 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-16 21:45 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-16 21:45 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-16 21:45 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-16 21:45 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-16 21:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-16 21:44 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-07 23:52 . 2009-04-07 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-04-07 18:21 . 2009-04-07 18:25 -------- d-----w c:\program files\SpywareBlaster 2009-04-07 14:55 . 2009-04-07 15:20 -------- d-----w c:\documents and settings\Tim\DoctorWeb 2009-04-07 01:26 . 2009-04-08 04:06 -------- d-----w c:\program files\SUPERAntiSpyware 2009-04-07 01:26 . 2009-04-07 01:26 -------- d-----w c:\documents and settings\Tim\Application Data\SUPERAntiSpyware.com 2009-04-07 01:26 . 2009-04-07 01:26 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-07 01:23 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-07 01:23 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-07 01:17 . 2009-04-11 14:39 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\WinZip 2009-04-07 01:16 . 2009-04-07 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip 2009-04-06 14:57 . 2008-06-02 20:19 29576 ----a-w c:\windows\system32\drivers\kcom.sys 2009-04-06 14:57 . 2009-04-06 15:31 40840 ----a-w c:\windows\system32\drivers\ikfilesec.sys 2009-04-06 14:57 . 2009-04-06 15:31 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys 2009-04-06 14:57 . 2009-04-06 15:31 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys 2009-04-06 14:57 . 2009-04-06 14:57 -------- d-----w c:\documents and settings\Tim\Application Data\PC Tools 2009-04-06 14:57 . 2009-04-21 08:19 -------- d-----w c:\program files\Spyware Doctor 2009-04-03 06:46 . 2003-03-18 20:20 1060864 ----a-w c:\windows\system32\MFC71.dll 2009-04-03 06:46 . 2009-04-03 06:46 -------- d-----w c:\program files\Alwil Software 2009-04-03 03:51 . 2009-04-06 13:01 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-03 03:51 . 2009-04-06 13:02 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-02 19:54 . 2009-04-02 19:54 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 01:29 . 2009-01-20 00:58 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-21 02:09 . 2007-12-20 21:07 3766 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-04-20 01:33 . 2006-01-19 03:49 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-07 23:53 . 2009-03-20 20:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-03 06:25 . 2007-09-26 21:17 -------- d-----w c:\program files\McAfee 2009-04-02 11:06 . 2008-07-03 13:25 39304 ----a-w c:\documents and settings\Devin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-28 09:22 . 2006-10-01 20:57 -------- d-----w c:\program files\Full Tilt Poker 2009-03-18 15:47 . 2009-03-18 15:47 -------- d-----w c:\program files\WinPcap 2009-03-10 05:31 . 2008-10-03 15:11 -------- d-----w c:\program files\LimeWire 2009-03-10 04:39 . 2006-07-25 21:41 39304 ----a-w c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-10 04:33 . 2009-03-10 04:32 -------- d-----w c:\program files\Common Files\muvee Technologies 2009-03-10 04:32 . 2009-03-10 04:32 -------- d-----w c:\program files\muvee Technologies 2009-03-10 04:30 . 2007-12-20 20:58 -------- d-----w c:\program files\Corel 2009-03-10 04:22 . 2009-03-10 04:13 88 --sh--r c:\windows\system32\D296D3F980.sys 2009-03-10 04:16 . 2007-12-20 20:58 -------- d-----w c:\program files\Common Files\Corel 2009-03-06 14:22 . 2006-01-19 02:02 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2006-01-19 02:02 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 18:09 . 2006-01-19 02:01 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-09 12:10 . 2006-01-19 02:01 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2006-01-19 02:02 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2006-01-19 02:02 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2006-01-19 02:01 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2006-01-19 02:02 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-08 00:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2006-01-19 02:02 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2006-01-19 02:02 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2006-01-19 02:02 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2006-01-19 02:02 56832 ----a-w c:\windows\system32\secur32.dll . ((((((((((((((((((((((((((((( SnapShot@2009-04-22_00.45.06 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-30 17:36 . 2009-04-30 17:36 16384 c:\windows\temp\Perflib_Perfdata_430.dat + 2006-01-19 03:20 . 2004-08-04 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat + 2006-01-19 03:24 . 2009-04-28 00:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-01-19 03:24 . 2009-04-03 02:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-04-28 00:37 . 2009-04-28 00:37 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat + 2009-04-28 00:37 . 2009-04-28 00:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009042720090428\index.dat - 2006-01-19 03:24 . 2009-04-03 02:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2006-01-19 03:24 . 2009-04-28 00:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-01-19 03:24 . 2009-04-03 02:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2006-01-19 03:24 . 2009-04-28 00:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-08-03 17:30 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat + 2008-08-03 17:30 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat + 2006-01-19 02:04 . 2004-08-04 12:00 2589 c:\windows\I386\RUNW32.BAT + 2009-04-22 01:29 . 2009-04-22 01:29 148888 c:\windows\system32\javaws.exe - 2009-04-06 13:52 . 2009-03-09 10:19 148888 c:\windows\system32\javaws.exe + 2009-04-22 01:29 . 2009-04-22 01:29 144792 c:\windows\system32\javaw.exe - 2009-04-06 13:52 . 2009-03-09 10:19 144792 c:\windows\system32\javaw.exe - 2009-04-06 13:52 . 2009-03-09 10:19 144792 c:\windows\system32\java.exe + 2009-04-22 01:29 . 2009-04-22 01:29 144792 c:\windows\system32\java.exe + 2009-04-28 00:44 . 2009-04-28 00:44 104960 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OJYROP4H\lsp[1].exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-08 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-03-07 98304] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-22 148888] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"= R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-08 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: select2perform.com\www Trusted Zone: yahoo.com\www FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\tw6763fm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-30 19:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(904) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2009-05-01 19:54 ComboFix-quarantined-files.txt 2009-05-01 00:53 ComboFix2.txt 2009-04-22 16:04 ComboFix3.txt 2009-04-22 00:51 ComboFix4.txt 2009-04-10 17:04 Pre-Run: 42,400,055,296 bytes free Post-Run: 42,393,788,416 bytes free 267 --- E O F --- 2009-04-21 06:57 Service Pack 3 4 30 2009 21:24:17.500 Loaded driver \WINDOWS\system32\ntoskrnl.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver ACPI.sys Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver ohci1394.sys Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS Loaded driver compbatt.sys Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS Loaded driver pciide.sys Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Loaded driver pcmcia.sys Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver ACPIEC.sys Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver KR10N.sys Loaded driver \WINDOWS\system32\drivers\SCSIPORT.SYS Loaded driver disk.sys Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver DRVMCDB.SYS Loaded driver PxHelp20.sys Loaded driver KSecDD.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver Mup.sys Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys Loaded driver \SystemRoot\system32\DRIVERS\w39n51.sys Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\system32\drivers\pfc.sys Loaded driver \SystemRoot\system32\drivers\iviaspi.sys Loaded driver \SystemRoot\System32\Drivers\DLACDBHM.SYS Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\system32\DRIVERS\Tvs.sys Loaded driver \SystemRoot\system32\DRIVERS\Tvs.sys Loaded driver \SystemRoot\system32\DRIVERS\Tvs.sys Loaded driver \SystemRoot\system32\DRIVERS\Tvs.sys Loaded driver \SystemRoot\system32\DRIVERS\Tvs.sys Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\system32\DRIVERS\psched.sys Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys Loaded driver \SystemRoot\system32\DRIVERS\update.sys Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\system32\DRIVERS\tbiosdrv.sys Loaded driver \SystemRoot\system32\DRIVERS\NBSMI.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\system32\drivers\RtkHDAud.sys Loaded driver \SystemRoot\system32\DRIVERS\Tvs.sys Loaded driver \SystemRoot\system32\DRIVERS\AGRSM.sys Loaded driver \SystemRoot\System32\Drivers\Modem.SYS Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\Drivers\DLARTL_N.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\Udfs.SYS Loaded driver \SystemRoot\System32\Drivers\meiudf.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\system32\DRIVERS\arp1394.sys Loaded driver \SystemRoot\System32\Drivers\DRVNDDM.SYS Loaded driver \SystemRoot\System32\DLA\DLADResN.SYS Loaded driver \SystemRoot\System32\DLA\DLAIFS_M.SYS Loaded driver \SystemRoot\System32\DLA\DLAOPIOM.SYS Loaded driver \SystemRoot\System32\DLA\DLAPoolM.SYS Loaded driver \SystemRoot\System32\DLA\DLABOIOM.SYS Loaded driver \SystemRoot\System32\DLA\DLAUDFAM.SYS Loaded driver \SystemRoot\System32\DLA\DLAUDF_M.SYS Loaded driver \SystemRoot\system32\DRIVERS\AegisP.sys Loaded driver \SystemRoot\system32\DRIVERS\s24trans.sys Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys Loaded driver \SystemRoot\system32\DRIVERS\netdevio.sys Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys Did not load driver \SystemRoot\System32\Drivers\Serial.SYS Loaded driver \SystemRoot\system32\DRIVERS\srv.sys Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\System32\Drivers\HTTP.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Loaded driver \SystemRoot\system32\drivers\kmixer.sys gmeb.zip gmeb.zip

Now I was unable to use Mozilla, or IE to access the internet, and all virus programs we're saying that a firewall needed to be disabled, but my firewall was off. So, I rescanned again! Malwarebytes' Anti-Malware 1.36 Database version: 2051 Windows 5.1.2600 Service Pack 3 4/27/2009 8:44:31 PM mbam-log-2009-04-27 (20-44-31).txt Scan type: Quick Scan Objects scanned: 94841 Time elapsed: 3 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 2 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\ovfsthrvwfyqynprljxoeiopmpkjfvgsxpwwke.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ovfsthslmrqlylsrkjgkedctgaitwfumhndxob.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ovfsthvtadmqvcxfqbovvuhcdlpwncglcgwesv.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\temp\ovfsthevmdtdjwix.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\temp\ovfsthipffhwkiik.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ovfsthbnokqbcburswubwpdayoyiecxvdhdytt.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ovfsthviibgykkdnquhmvtfhyvvucuqhjylqwg.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\temp\ovfsthpfyfqufpyr.tmp (Trojan.Agent) -> Quarantined and deleted successfully. ******deleted and rebooted******** Still no internet Now I used the diagnostic on IE and it found errors and repaired them, I now have access again to the net Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:01:03 PM, on 4/27/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\SYSTEM32\NOTEPAD.EXE C:\Documents and Settings\Tim\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.mcafee.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://msn.worldwinner.com/games/v47/share...GamesLoader.cab O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games

Correction... Seems that IE is still infected with redirects and multiple pop-ups. Mozilla wasn't effected so I didn't notice it until today when I launched IE. I also now have a red circle, white X in my tool bar saying it's a security report warning I am infected Malwarebytes' Anti-Malware 1.36 Database version: 2051 Windows 5.1.2600 Service Pack 3 4/27/2009 7:39:58 PM mbam-log-2009-04-27 (19-39-58).txt Scan type: Quick Scan Objects scanned: 95506 Time elapsed: 13 minute(s), 8 second(s) Memory Processes Infected: 2 Memory Modules Infected: 4 Registry Keys Infected: 9 Registry Values Infected: 8 Registry Data Items Infected: 4 Folders Infected: 1 Files Infected: 18 Memory Processes Infected: C:\Documents and Settings\Tim\Local Settings\temp\xpre.tmp (Trojan.Downloader) -> Unloaded process successfully. C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\system32\zajahume.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\losubadu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\kazejuve.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\rehayujo.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cb7ce8e-1098-4ff9-80e3-6afeacef5cd9} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{4cb7ce8e-1098-4ff9-80e3-6afeacef5cd9} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4cb7ce8e-1098-4ff9-80e3-6afeacef5cd9} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dcd854cf (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmdfeb6753 (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\revoravuji (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pidle (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\losubadu.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\losubadu.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rehayujo.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\Tim\Application Data\pidle (Trojan.Agent) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\zajahume.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\emuhajaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rehayujo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hoyuriva.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kazejuve.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\losubadu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\Tim\Local Settings\temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Application Data\pidle\pidle.exe (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\system32\dapajafa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hibaliju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nebofeko.dll.tmp (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\vudogame.dll.tmp (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\Tim\Local Settings\temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\temp\rasesnet.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ak1.exe (Virus.Virut) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yhs783ijfo3fe.dll (Trojan.Ertfor) -> Delete on reboot. ****** deleted and rebooted******** Rescanned SUPERAntiSpyware Scan Log http://*.mcafee.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://msn.worldwinner.com/games/v47/share...GamesLoader.cab O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games

bump

Computer seems fine. I can use the usb and I'm not getting google re-directs anymore. ComboFix 09-04-22.A23 - Tim 04/22/2009 8:20.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.174 [GMT -5:00] Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tim\Desktop\CFscript.txt FILE :: c:\documents and settings\Tim\Incomplete\T-4620425-superman.mp3 . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Tim\Incomplete\T-4620425-superman.mp3 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FNRU77 -------\Legacy_NPF -------\Service_Fnru77 -------\Service_hequllca -------\Service_npf ((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))))) . 2009-04-22 01:29 . 2009-04-22 01:29 73728 ----a-w c:\windows\system32\javacpl.cpl 2009-04-22 01:29 . 2009-04-22 01:29 -------- d-----w c:\program files\Java 2009-04-20 02:17 . 2009-04-20 02:17 0 ----a-w c:\windows\ViewNX.INI 2009-04-20 02:09 . 2001-08-18 03:36 5632 ----a-w c:\windows\system32\ptpusb.dll 2009-04-20 02:09 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll 2009-04-20 02:07 . 2009-04-20 02:14 -------- d-----w c:\documents and settings\Tim\Application Data\Nikon 2009-04-20 01:48 . 2009-04-20 02:14 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT 2009-04-20 01:48 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\URLs 2009-04-20 01:37 . 2009-04-20 02:07 -------- d-----w c:\program files\Common Files\Nikon 2009-04-20 01:37 . 2009-04-20 01:37 -------- d-----w c:\documents and settings\All Users\Application Data\Nikon 2009-04-20 01:36 . 2009-04-20 01:49 -------- d-----w c:\program files\Nikon 2009-04-20 01:35 . 2009-04-20 02:15 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2009-04-20 01:35 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15 2009-04-20 01:35 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp 2009-04-20 01:35 . 2009-04-20 01:35 -------- d-----w c:\documents and settings\All Users\Application Data\Tables 2009-04-20 01:33 . 2009-04-20 01:33 -------- d-----w c:\program files\ArcSoft 2009-04-16 21:45 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-16 21:45 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-16 21:45 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe 2009-04-16 21:45 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-16 21:45 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-16 21:45 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-16 21:45 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-16 21:45 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-16 21:45 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-16 21:45 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-16 21:44 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-16 21:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-16 21:44 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-07 23:52 . 2009-04-07 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-04-07 18:21 . 2009-04-07 18:25 -------- d-----w c:\program files\SpywareBlaster 2009-04-07 14:55 . 2009-04-07 15:20 -------- d-----w c:\documents and settings\Tim\DoctorWeb 2009-04-07 01:26 . 2009-04-08 04:06 -------- d-----w c:\program files\SUPERAntiSpyware 2009-04-07 01:26 . 2009-04-07 01:26 -------- d-----w c:\documents and settings\Tim\Application Data\SUPERAntiSpyware.com 2009-04-07 01:26 . 2009-04-07 01:26 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-07 01:23 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-07 01:23 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-07 01:17 . 2009-04-11 14:39 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\WinZip 2009-04-07 01:16 . 2009-04-07 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip 2009-04-06 14:57 . 2009-04-06 15:31 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys 2009-04-06 14:57 . 2009-04-06 15:31 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys 2009-04-06 14:57 . 2009-04-06 15:31 40840 ----a-w c:\windows\system32\drivers\ikfilesec.sys 2009-04-06 14:57 . 2008-06-02 20:19 29576 ----a-w c:\windows\system32\drivers\kcom.sys 2009-04-06 14:57 . 2009-04-21 08:19 -------- d-----w c:\program files\Spyware Doctor 2009-04-06 14:57 . 2009-04-06 14:57 -------- d-----w c:\documents and settings\Tim\Application Data\PC Tools 2009-04-03 06:46 . 2003-03-18 20:20 1060864 ----a-w c:\windows\system32\MFC71.dll 2009-04-03 06:46 . 2009-04-03 06:46 -------- d-----w c:\program files\Alwil Software 2009-04-03 04:31 . 2009-04-03 04:31 22847 ----a-w c:\windows\system32\AAWService_2009_04_02_23_31_40.dmp 2009-04-03 04:17 . 2009-04-03 04:17 20952 ----a-w c:\windows\system32\AAWService_2009_04_02_23_17_50.dmp 2009-04-03 03:51 . 2009-04-06 13:02 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-03 03:51 . 2009-04-06 13:01 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-03 03:46 . 2009-04-03 03:46 21164 ----a-w c:\windows\system32\AAWService_2009_04_02_22_46_38.dmp 2009-04-02 19:58 . 2009-04-02 19:58 20263 ----a-w c:\windows\system32\AAWService_2009_04_02_14_58_26.dmp 2009-04-02 19:54 . 2009-04-02 19:54 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 01:29 . 2009-01-20 00:58 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-22 01:00 . 2009-04-22 00:59 458 ----a-w C:\JavaRa.log 2009-04-22 00:35 . 2008-01-26 21:17 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-21 02:09 . 2007-12-20 21:07 3766 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-04-20 01:33 . 2006-01-19 03:49 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-07 23:53 . 2009-03-20 20:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-03 06:25 . 2007-09-26 20:01 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-04-03 06:25 . 2007-09-26 21:17 -------- d-----w c:\program files\McAfee 2009-04-03 05:26 . 2009-04-03 00:36 2681 ----a-w C:\aaw7boot.log 2009-04-02 11:06 . 2008-07-03 13:25 39304 ----a-w c:\documents and settings\Devin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-28 09:22 . 2006-10-01 20:57 -------- d-----w c:\program files\Full Tilt Poker 2009-03-21 16:48 . 2009-03-21 16:48 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore 2009-03-21 05:46 . 2009-03-10 04:39 -------- d-----w c:\documents and settings\Tim\Application Data\muvee Technologies 2009-03-20 20:21 . 2009-03-20 20:21 -------- d-----w c:\documents and settings\Tim\Application Data\Malwarebytes 2009-03-20 20:20 . 2009-03-20 20:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-20 15:22 . 2009-03-20 03:05 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-03-20 02:59 . 2009-03-20 02:59 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-03-20 01:49 . 2006-11-22 13:00 -------- d-----w c:\documents and settings\Tim\Application Data\Lavasoft 2009-03-18 15:47 . 2009-03-18 15:47 -------- d-----w c:\program files\WinPcap 2009-03-10 07:53 . 2009-03-10 04:32 -------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies 2009-03-10 05:31 . 2008-10-03 15:11 -------- d-----w c:\program files\LimeWire 2009-03-10 04:39 . 2006-07-25 21:41 39304 ----a-w c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-10 04:33 . 2009-03-10 04:32 -------- d-----w c:\program files\Common Files\muvee Technologies 2009-03-10 04:32 . 2009-03-10 04:32 -------- d-----w c:\program files\muvee Technologies 2009-03-10 04:30 . 2007-12-20 20:58 -------- d-----w c:\program files\Corel 2009-03-10 04:21 . 2007-12-20 21:06 -------- d-----w c:\documents and settings\Tim\Application Data\Corel 2009-03-10 04:16 . 2007-12-20 20:58 -------- d-----w c:\program files\Common Files\Corel 2009-03-10 04:10 . 2009-03-10 04:10 -------- d-----w c:\documents and settings\Tim\Application Data\InstallShield 2009-03-06 14:22 . 2006-01-19 02:02 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2006-01-19 02:02 826368 ----a-w c:\windows\system32\wininet.dll 2009-03-02 12:40 . 2009-03-02 12:40 -------- d-----w c:\documents and settings\Devin\Application Data\Corel 2009-02-20 18:09 . 2006-01-19 02:01 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-09 12:10 . 2006-01-19 02:01 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2006-01-19 02:02 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2006-01-19 02:02 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2006-01-19 02:01 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2006-01-19 02:02 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-08 00:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2006-01-19 02:02 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2006-01-19 02:02 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2006-01-19 02:02 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2006-01-19 02:02 56832 ----a-w c:\windows\system32\secur32.dll 2009-01-19 03:37 . 2009-01-19 03:37 34608 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-08-19 17:09 . 2008-07-02 22:31 34608 ----a-w c:\documents and settings\Danni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2007-10-01 00:43 . 2007-10-01 00:43 126 ----a-w c:\documents and settings\Tim\Local Settings\Application Data\fusioncache.dat 2007-08-15 18:59 . 2007-10-14 18:59 32 ----a-r c:\documents and settings\All Users\hash.dat 2008-08-19 15:19 . 2008-08-19 15:20 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-22_00.45.06 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-22 13:26 . 2009-04-22 13:26 16384 c:\windows\temp\Perflib_Perfdata_178.dat + 2009-04-22 01:29 . 2009-04-22 01:29 148888 c:\windows\system32\javaws.exe - 2009-04-06 13:52 . 2009-03-09 10:19 148888 c:\windows\system32\javaws.exe + 2009-04-22 01:29 . 2009-04-22 01:29 144792 c:\windows\system32\javaw.exe - 2009-04-06 13:52 . 2009-03-09 10:19 144792 c:\windows\system32\javaw.exe + 2009-04-22 01:29 . 2009-04-22 01:29 144792 c:\windows\system32\java.exe - 2009-04-06 13:52 . 2009-03-09 10:19 144792 c:\windows\system32\java.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-08 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-03-07 98304] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-22 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-08 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: select2perform.com\www Trusted Zone: yahoo.com\www FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\tw6763fm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.mcafee.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://msn.worldwinner.com/games/v47/share...GamesLoader.cab O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:14:35 PM, on 4/21/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\java.exe C:\Documents and Settings\Tim\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.mcafee.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://msn.worldwinner.com/games/v47/share...GamesLoader.cab O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games

ComboFix 09-04-22.02 - Tim 04/21/2009 19:38.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.265 [GMT -5:00] Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tim\Desktop\CFscript.txt * Created a new restore point FILE :: c:\windows\system32\drivers\eerguzwj.sys c:\windows\system32\drivers\goztymnr.sys c:\windows\system32\drivers\hequllca.sys c:\windows\system32\drivers\mprijquj.sys c:\windows\system32\drivers\npf.sys c:\windows\system32\drivers\pnmdhkci.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\eerguzwj.sys c:\windows\system32\drivers\goztymnr.sys c:\windows\system32\drivers\mprijquj.sys c:\windows\system32\drivers\pnmdhkci.sys . ((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))))) . 2009-04-20 02:17 . 2009-04-20 02:17 0 ----a-w c:\windows\ViewNX.INI 2009-04-20 02:09 . 2001-08-18 03:36 5632 ----a-w c:\windows\system32\ptpusb.dll 2009-04-20 02:09 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll 2009-04-20 02:07 . 2009-04-20 02:14 -------- d-----w c:\documents and settings\Tim\Application Data\Nikon 2009-04-20 01:48 . 2009-04-20 02:14 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT 2009-04-20 01:48 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\URLs 2009-04-20 01:37 . 2009-04-20 02:07 -------- d-----w c:\program files\Common Files\Nikon 2009-04-20 01:37 . 2009-04-20 01:37 -------- d-----w c:\documents and settings\All Users\Application Data\Nikon 2009-04-20 01:36 . 2009-04-20 01:49 -------- d-----w c:\program files\Nikon 2009-04-20 01:35 . 2009-04-20 02:15 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2009-04-20 01:35 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15 2009-04-20 01:35 . 2009-04-20 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp 2009-04-20 01:35 . 2009-04-20 01:35 -------- d-----w c:\documents and settings\All Users\Application Data\Tables 2009-04-20 01:33 . 2009-04-20 01:33 -------- d-----w c:\program files\ArcSoft 2009-04-16 21:45 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-16 21:45 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-16 21:45 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe 2009-04-16 21:45 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-16 21:45 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-16 21:45 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-16 21:45 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-16 21:45 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-16 21:45 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-16 21:45 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-16 21:44 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-16 21:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-16 21:44 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-07 23:52 . 2009-04-07 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-04-07 18:21 . 2009-04-07 18:25 -------- d-----w c:\program files\SpywareBlaster 2009-04-07 14:55 . 2009-04-07 15:20 -------- d-----w c:\documents and settings\Tim\DoctorWeb 2009-04-07 01:26 . 2009-04-08 04:06 -------- d-----w c:\program files\SUPERAntiSpyware 2009-04-07 01:26 . 2009-04-07 01:26 -------- d-----w c:\documents and settings\Tim\Application Data\SUPERAntiSpyware.com 2009-04-07 01:26 . 2009-04-07 01:26 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-07 01:23 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-07 01:23 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-07 01:17 . 2009-04-11 14:39 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\WinZip 2009-04-07 01:16 . 2009-04-07 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip 2009-04-03 04:31 . 2009-04-03 04:31 22847 ----a-w c:\windows\system32\AAWService_2009_04_02_23_31_40.dmp 2009-04-03 04:17 . 2009-04-03 04:17 20952 ----a-w c:\windows\system32\AAWService_2009_04_02_23_17_50.dmp 2009-04-03 03:51 . 2009-04-06 13:02 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-03 03:51 . 2009-04-06 13:01 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-03 03:46 . 2009-04-03 03:46 21164 ----a-w c:\windows\system32\AAWService_2009_04_02_22_46_38.dmp 2009-04-02 19:58 . 2009-04-02 19:58 20263 ----a-w c:\windows\system32\AAWService_2009_04_02_14_58_26.dmp 2009-04-02 19:54 . 2009-04-02 19:54 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 00:35 . 2008-01-26 21:17 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-21 08:19 . 2009-04-06 14:57 -------- d-----w c:\program files\Spyware Doctor 2009-04-21 02:09 . 2007-12-20 21:07 3766 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-04-20 01:33 . 2006-01-19 03:49 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-07 23:53 . 2009-03-20 20:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-06 15:31 . 2009-04-06 14:57 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys 2009-04-06 15:31 . 2009-04-06 14:57 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys 2009-04-06 15:31 . 2009-04-06 14:57 40840 ----a-w c:\windows\system32\drivers\ikfilesec.sys 2009-04-06 14:57 . 2009-04-06 14:57 -------- d-----w c:\documents and settings\Tim\Application Data\PC Tools 2009-04-06 14:14 . 2009-04-06 14:14 -------- d-----w c:\program files\Windows Defender 2009-04-06 13:51 . 2006-01-19 04:38 -------- d-----w c:\program files\Java 2009-04-03 06:46 . 2009-04-03 06:46 -------- d-----w c:\program files\Alwil Software 2009-04-03 06:25 . 2007-09-26 20:01 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-04-03 06:25 . 2007-09-26 21:17 -------- d-----w c:\program files\McAfee 2009-04-03 05:26 . 2009-04-03 00:36 2681 ----a-w C:\aaw7boot.log 2009-04-02 11:06 . 2008-07-03 13:25 39304 ----a-w c:\documents and settings\Devin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-28 09:22 . 2006-10-01 20:57 -------- d-----w c:\program files\Full Tilt Poker 2009-03-21 16:48 . 2009-03-21 16:48 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore 2009-03-21 05:46 . 2009-03-10 04:39 -------- d-----w c:\documents and settings\Tim\Application Data\muvee Technologies 2009-03-20 20:21 . 2009-03-20 20:21 -------- d-----w c:\documents and settings\Tim\Application Data\Malwarebytes 2009-03-20 20:20 . 2009-03-20 20:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-20 15:22 . 2009-03-20 03:05 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-03-20 02:59 . 2009-03-20 02:59 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-03-20 01:49 . 2006-11-22 13:00 -------- d-----w c:\documents and settings\Tim\Application Data\Lavasoft 2009-03-18 15:47 . 2009-03-18 15:47 -------- d-----w c:\program files\WinPcap 2009-03-10 07:53 . 2009-03-10 04:32 -------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies 2009-03-10 05:31 . 2008-10-03 15:11 -------- d-----w c:\program files\LimeWire 2009-03-10 04:39 . 2006-07-25 21:41 39304 ----a-w c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-10 04:33 . 2009-03-10 04:32 -------- d-----w c:\program files\Common Files\muvee Technologies 2009-03-10 04:32 . 2009-03-10 04:32 -------- d-----w c:\program files\muvee Technologies 2009-03-10 04:30 . 2007-12-20 20:58 -------- d-----w c:\program files\Corel 2009-03-10 04:21 . 2007-12-20 21:06 -------- d-----w c:\documents and settings\Tim\Application Data\Corel 2009-03-10 04:16 . 2007-12-20 20:58 -------- d-----w c:\program files\Common Files\Corel 2009-03-10 04:10 . 2009-03-10 04:10 -------- d-----w c:\documents and settings\Tim\Application Data\InstallShield 2009-03-09 10:19 . 2009-01-20 00:58 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-06 14:22 . 2006-01-19 02:02 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2006-01-19 02:02 826368 ----a-w c:\windows\system32\wininet.dll 2009-03-02 12:40 . 2009-03-02 12:40 -------- d-----w c:\documents and settings\Devin\Application Data\Corel 2009-02-20 18:09 . 2006-01-19 02:01 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-09 12:10 . 2006-01-19 02:01 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2006-01-19 02:02 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2006-01-19 02:02 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2006-01-19 02:01 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2006-01-19 02:02 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-08 00:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2006-01-19 02:02 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2006-01-19 02:02 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2006-01-19 02:02 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2006-01-19 02:02 56832 ----a-w c:\windows\system32\secur32.dll 2009-01-19 03:37 . 2009-01-19 03:37 34608 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-08-19 17:09 . 2008-07-02 22:31 34608 ----a-w c:\documents and settings\Danni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2007-10-01 00:43 . 2007-10-01 00:43 126 ----a-w c:\documents and settings\Tim\Local Settings\Application Data\fusioncache.dat 2007-08-15 18:59 . 2007-10-14 18:59 32 ----a-r c:\documents and settings\All Users\hash.dat 2008-08-19 15:19 . 2008-08-19 15:20 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-08 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-03-07 98304] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"= R0 Fnru77;Fnru77; [x] R1 hequllca;hequllca; [x] R2 npf;NetGroup Packet Filter Driver; [x] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-08 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] . Contents of the 'Scheduled Tasks' folder 2009-04-22 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: select2perform.com\www Trusted Zone: yahoo.com\www FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\tw6763fm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-21 19:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(700) c:\program files\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'explorer.exe'(3468) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\PSIService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\system32\wscntfy.exe c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe . ************************************************************************** . Completion time: 2009-04-22 19:51 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-22 00:49 ComboFix2.txt 2009-04-10 17:04 Pre-Run: 30,483,521,536 bytes free Post-Run: 30,570,622,976 bytes free 300 --- E O F --- 2009-04-21 06:57 JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Apr 21 19:59:40 2009 ------------------------------------ Finished reporting. CLEANING COMPLETE - (63.126 secs) ------------------------------------------------------------------------------------------ 111.2MB removed. ------------------------------------------------------------------------------------------ Details of files deleted ------------------------------------------------------------------------------------------ IE Temporary Internet Files (1856 files) 48.9MB C:\Documents and Settings\Tim\Cookies\tim@ads.bluelithium[1].txt 397 bytes C:\Documents and Settings\Tim\Cookies\tim@live[2].txt 2.14KB C:\Documents and Settings\Tim\Cookies\tim@msn[1].txt 1.62KB C:\Documents and Settings\Tim\Cookies\tim@zone.msn[2].txt 1.85KB C:\Documents and Settings\Tim\Cookies\tim@packratwiki[1].txt 385 bytes C:\Documents and Settings\Tim\Cookies\tim@login.live[1].txt 843 bytes C:\Documents and Settings\Tim\Cookies\tim@c.msn[2].txt 135 bytes C:\Documents and Settings\Tim\Cookies\tim@c.live[2].txt 68 bytes C:\Documents and Settings\Tim\Cookies\tim@weather[2].txt 877 bytes C:\Documents and Settings\Tim\Cookies\tim@zune[2].txt 235 bytes C:\Documents and Settings\Tim\Cookies\tim@ie.search.msn[2].txt 427 bytes C:\Documents and Settings\Tim\Cookies\tim@windowsmarketplace[2].txt 263 bytes C:\Documents and Settings\Tim\Cookies\tim@myspace[1].txt 423 bytes C:\Documents and Settings\Tim\Cookies\tim@muvee[2].txt 74 bytes C:\Documents and Settings\Tim\Cookies\tim@rad.msn[2].txt 702 bytes C:\Documents and Settings\Tim\Cookies\tim@flyingdiscmagazine[1].txt 536 bytes C:\Documents and Settings\Tim\Cookies\tim@winzip[1].txt 95 bytes C:\Documents and Settings\Tim\Cookies\tim@youtube[1].txt 97 bytes C:\Documents and Settings\Tim\Cookies\tim@ecom.dfckc[2].txt 381 bytes C:\Documents and Settings\Tim\Cookies\tim@odc.weather[1].txt 113 bytes C:\Documents and Settings\Tim\Cookies\tim@www.msn[1].txt 555 bytes C:\Documents and Settings\Tim\Cookies\tim@store.muvee[2].txt 122 bytes C:\Documents and Settings\Tim\Cookies\tim@msn[2].txt 1.47KB C:\Documents and Settings\Tim\Local Settings\History\History.IE5\MSHist012009033020090406\index.dat 64.00KB C:\Documents and Settings\Tim\Local Settings\History\History.IE5\MSHist012009040620090413\index.dat 48.00KB C:\Documents and Settings\Tim\Local Settings\History\History.IE5\MSHist012009041020090411\index.dat 32.00KB C:\Documents and Settings\Tim\Local Settings\History\History.IE5\MSHist012009041320090420\index.dat 48.00KB C:\Documents and Settings\Tim\Local Settings\History\History.IE5\MSHist012009042020090421\index.dat 48.00KB C:\Documents and Settings\Tim\Local Settings\History\History.IE5\MSHist012009042120090422\index.dat 32.00KB Marked for deletion: C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Marked for deletion: C:\Documents and Settings\Tim\Cookies\index.dat Marked for deletion: C:\Documents and Settings\Tim\Local Settings\History\History.IE5\index.dat C:\Documents and Settings\Tim\Recent\0-Chicago-8-2005.JPG.lnk 860 bytes C:\Documents and Settings\Tim\Recent\02 - Nickelback - Burn It To The Ground.mp3.lnk 881 bytes C:\Documents and Settings\Tim\Recent\02 -Nickelback-Dark Horse- Burn It To The Ground.mp3.lnk 926 bytes C:\Documents and Settings\Tim\Recent\10-20-2008-27-crop.jpg.lnk 1.02KB C:\Documents and Settings\Tim\Recent\1008t.jpg.lnk 817 bytes C:\Documents and Settings\Tim\Recent\101MSDCF.lnk 308 bytes C:\Documents and Settings\Tim\Recent\1989-2.jpg.lnk 794 bytes C:\Documents and Settings\Tim\Recent\2009t.jpg.lnk 817 bytes C:\Documents and Settings\Tim\Recent\2011t.jpg.lnk 817 bytes C:\Documents and Settings\Tim\Recent\2012t.jpg.lnk 817 bytes C:\Documents and Settings\Tim\Recent\2015t.jpg.lnk 817 bytes C:\Documents and Settings\Tim\Recent\4th-july-2008.lnk 618 bytes C:\Documents and Settings\Tim\Recent\action.jpg.lnk 824 bytes C:\Documents and Settings\Tim\Recent\April_2008 (35).JPG.lnk 892 bytes C:\Documents and Settings\Tim\Recent\April_Fools.lnk 608 bytes C:\Documents and Settings\Tim\Recent\Aschool-2-2009.jpg.lnk 866 bytes C:\Documents and Settings\Tim\Recent\AUTORUN.INF.lnk 297 bytes C:\Documents and Settings\Tim\Recent\Baughers1.mpg.lnk 554 bytes C:\Documents and Settings\Tim\Recent\BlastFromThePast.lnk 633 bytes C:\Documents and Settings\Tim\Recent\Bootcamp5-30-08.lnk 628 bytes C:\Documents and Settings\Tim\Recent\camera.txt.lnk 476 bytes C:\Documents and Settings\Tim\Recent\camping.txt.lnk 481 bytes C:\Documents and Settings\Tim\Recent\CampingAPRIL2009.lnk 739 bytes C:\Documents and Settings\Tim\Recent\CD Drive.lnk 192 bytes C:\Documents and Settings\Tim\Recent\CFscript.txt.lnk 488 bytes C:\Documents and Settings\Tim\Recent\CityMobile-DiscGolf (21).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\CityMobile-DiscGolf (32).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\CityMobile-DiscGolf (34).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\credit1.jpg.lnk 542 bytes C:\Documents and Settings\Tim\Recent\credit8.jpg.lnk 542 bytes C:\Documents and Settings\Tim\Recent\credit9.jpg.lnk 542 bytes C:\Documents and Settings\Tim\Recent\Danni-phone.lnk 608 bytes C:\Documents and Settings\Tim\Recent\Desktop.ini.lnk 757 bytes C:\Documents and Settings\Tim\Recent\Dirty.lnk 715 bytes C:\Documents and Settings\Tim\Recent\DiscGolf-2008&2009.mpg.lnk 886 bytes C:\Documents and Settings\Tim\Recent\DiscGolf.lnk 611 bytes C:\Documents and Settings\Tim\Recent\DiscGolf08-09.mpg.lnk 861 bytes C:\Documents and Settings\Tim\Recent\discgolf12-08 (1).JPG.lnk 881 bytes C:\Documents and Settings\Tim\Recent\discs.txt.lnk 469 bytes C:\Documents and Settings\Tim\Recent\Driver Cache.lnk 514 bytes C:\Documents and Settings\Tim\Recent\DSC00854.JPG.lnk 431 bytes C:\Documents and Settings\Tim\Recent\DSC01369.JPG.lnk 431 bytes C:\Documents and Settings\Tim\Recent\e100a325.inf.lnk 677 bytes C:\Documents and Settings\Tim\Recent\Easter09 (19).JPG.lnk 893 bytes C:\Documents and Settings\Tim\Recent\Easter09 (21).JPG.lnk 893 bytes C:\Documents and Settings\Tim\Recent\Easter09 (22).JPG.lnk 893 bytes C:\Documents and Settings\Tim\Recent\Easter09 (23).JPG.lnk 893 bytes C:\Documents and Settings\Tim\Recent\Easter09 (25).JPG.lnk 893 bytes C:\Documents and Settings\Tim\Recent\Easter09 (27).JPG.lnk 893 bytes C:\Documents and Settings\Tim\Recent\Easter09 (28).JPG.lnk 893 bytes C:\Documents and Settings\Tim\Recent\Easter09 (5).JPG.lnk 888 bytes C:\Documents and Settings\Tim\Recent\Easter2009.lnk 621 bytes C:\Documents and Settings\Tim\Recent\First batch.lnk 608 bytes C:\Documents and Settings\Tim\Recent\fw.txt.lnk 452 bytes C:\Documents and Settings\Tim\Recent\Iex2.jpg.lnk 693 bytes C:\Documents and Settings\Tim\Recent\Infection.zip.lnk 417 bytes C:\Documents and Settings\Tim\Recent\JavaRa.log.lnk 476 bytes C:\Documents and Settings\Tim\Recent\LimeWare.lnk 578 bytes C:\Documents and Settings\Tim\Recent\log.txt.lnk 361 bytes C:\Documents and Settings\Tim\Recent\Luter (17).JPG.lnk 839 bytes C:\Documents and Settings\Tim\Recent\Luter (18).JPG.lnk 839 bytes C:\Documents and Settings\Tim\Recent\Luter (19).JPG.lnk 839 bytes C:\Documents and Settings\Tim\Recent\March18-09MOBLE (22).JPG.lnk 896 bytes C:\Documents and Settings\Tim\Recent\March18-09MOBLE (7).JPG.lnk 891 bytes C:\Documents and Settings\Tim\Recent\Moraine.jpg.lnk 829 bytes C:\Documents and Settings\Tim\Recent\My Pictures.lnk 503 bytes C:\Documents and Settings\Tim\Recent\n663620227_3490815_5102.jpg.lnk 946 bytes C:\Documents and Settings\Tim\Recent\n663620227_3490823_7791.jpg.lnk 946 bytes C:\Documents and Settings\Tim\Recent\NavyDay (11).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\NavyDay (16).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\NavyDay (20).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\NavyDay4-18-09.lnk 641 bytes C:\Documents and Settings\Tim\Recent\New Text Document.txt.lnk 533 bytes C:\Documents and Settings\Tim\Recent\NewOrleans03-15-09.lnk 643 bytes C:\Documents and Settings\Tim\Recent\NewOrleans3-15-09 (1).JPG.lnk 971 bytes C:\Documents and Settings\Tim\Recent\NewOrleans3-15-09 (9).JPG.lnk 901 bytes C:\Documents and Settings\Tim\Recent\NewYears08-09.lnk 618 bytes C:\Documents and Settings\Tim\Recent\Nick2.JPG.lnk 792 bytes C:\Documents and Settings\Tim\Recent\Nickelback - Burn It To The Ground.mp3.lnk 856 bytes C:\Documents and Settings\Tim\Recent\Nickelback - Figured You Out.mp3.lnk 826 bytes C:\Documents and Settings\Tim\Recent\Nickleback - Photograph.mp3.lnk 890 bytes C:\Documents and Settings\Tim\Recent\Nikon.lnk 592 bytes C:\Documents and Settings\Tim\Recent\Nov2008-bw.JPG.lnk 729 bytes C:\Documents and Settings\Tim\Recent\Nov2008.JPG.lnk 804 bytes C:\Documents and Settings\Tim\Recent\Oct2008.lnk 586 bytes C:\Documents and Settings\Tim\Recent\older danni pics.lnk 633 bytes C:\Documents and Settings\Tim\Recent\PCola-House.lnk 608 bytes C:\Documents and Settings\Tim\Recent\pirate.lnk 583 bytes C:\Documents and Settings\Tim\Recent\Prom1992.jpg.lnk 806 bytes C:\Documents and Settings\Tim\Recent\S0c65.lnk 865 bytes C:\Documents and Settings\Tim\Recent\Sandcastle.lnk 603 bytes C:\Documents and Settings\Tim\Recent\ScreenSaver.lnk 403 bytes C:\Documents and Settings\Tim\Recent\SillyBoySMACKDOWN (1).JPG.lnk 792 bytes C:\Documents and Settings\Tim\Recent\SillyBoySMACKDOWN (16).JPG.lnk 797 bytes C:\Documents and Settings\Tim\Recent\sls people.lnk 621 bytes C:\Documents and Settings\Tim\Recent\SSPX0191.jpg.lnk 857 bytes C:\Documents and Settings\Tim\Recent\thanksgiving 08.lnk 628 bytes C:\Documents and Settings\Tim\Recent\Tourney2-Feb28-2009 (10).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\Tourney2-Feb28-2009 (14).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\Tourney2-Feb28-2009 (15).JPG.lnk 916 bytes C:\Documents and Settings\Tim\Recent\Tourney2-Feb28-2009 (4).JPG.lnk 911 bytes C:\Documents and Settings\Tim\Recent\Tvs.chm.lnk 725 bytes C:\Documents and Settings\Tim\Recent\Tvs.lnk 583 bytes C:\Documents and Settings\Tim\Recent\uwf-discgolf ACE(10).JPG.lnk 896 bytes C:\Documents and Settings\Tim\Recent\vyAd94HlW.EDw4eJUhJzXA--_m.jpg.lnk 1.16KB C:\Documents and Settings\Tim\Recent\Xmas08.lnk 581 bytes C:\Documents and Settings\Tim\Recent\you play.jpeg.lnk 841 bytes C:\WINDOWS\TEMP\MpCmdRun.log 808 bytes C:\Documents and Settings\Tim\Local Settings\temp\java_install_reg.log 2.24KB C:\Documents and Settings\Tim\Local Settings\temp\jusched.log 54 bytes C:\Documents and Settings\Tim\Local Settings\temp\wzce5c\JavaRa.exe 0.14MB Removed Cookie: facebook.com Removed Cookie: rockyou.com Removed Cookie: rubiconproject.com Removed Cookie: yahoo.com Removed Cookie: www.yahoo.com Removed Cookie: go.com Removed Cookie: google.com Removed Cookie: swinglifestyle.com Removed Cookie: rya.ntt.rockyou.com Removed Cookie: rya.eq.rockyou.com Removed Cookie: quantserve.com Removed Cookie: rya.rockyou.com Removed Cookie: ad110.myofferpal.com Removed Cookie: socialreach.com Removed Cookie: bidsystem.com Removed Cookie: openx.net Removed Cookie: d.tradex.openx.com Removed Cookie: a1.interclick.com Removed Cookie: interclick.com Removed Cookie: sochr.com Removed Cookie: sndg.org Removed Cookie: 64.111.196.117 Removed Cookie: www.findstuff.com Removed Cookie: spreadsheets.google.com Removed Cookie: www.viovio.com Removed Cookie: viovio.com Removed Cookie: socialmedia.com Removed Cookie: rad.msn.com Removed Cookie: mmismm.com Removed Cookie: abmr.net Removed Cookie: media6degrees.com Removed Cookie: adnxs.com Removed Cookie: adsfac.us Removed Cookie: blitzads.com Removed Cookie: xp-vista.com Removed Cookie: www.a013.com Removed Cookie: myantispyware.com Removed Cookie: siteadvisor.com Removed Cookie: sdc.mcafee.com Removed Cookie: www.mcafee.com Removed Cookie: service.mcafee.com Removed Cookie: mcafee.com Removed Cookie: pubmatic.com Removed Cookie: snap.com Removed Cookie: community.mcafee.com Removed Cookie: intellitxt.com Removed Cookie: bleepingcomputer.com Removed Cookie: lfstmedia.com Removed Cookie: somrapi.com Removed Cookie: adbidcentral.com Removed Cookie: turn.com Removed Cookie: babyhopes.com Removed Cookie: forms.aweber.com Removed Cookie: blockbuster.com Removed Cookie: www.blockbuster.com Removed Cookie: wa.marketingsolutions.yahoo.com Removed Cookie: opt.fimserve.com Removed Cookie: answers.yahoo.com Removed Cookie: specificmedia.com Removed Cookie: com.com Removed Cookie: cnet.com Removed Cookie: revsci.net Removed Cookie: zoombli.com Removed Cookie: www.zoombli.com Removed Cookie: events.webflowmetrics.com Removed Cookie: malwarebytes.org Removed Cookie: ncaa.com Removed Cookie: mmod.ncaa.com Removed Cookie: penguins.nhl.com Removed Cookie: bluwiki.com Removed Cookie: packratwiki.com Removed Cookie: mail.yahoo.com Removed Cookie: adshuffle.com Removed Cookie: by.adshuffle.com Removed Cookie: udmserve.net Removed Cookie: addlvr.com Removed Cookie: bluekai.com Removed Cookie: delb.opt.fimserve.com Removed Cookie: wbdgw.com Removed Cookie: ning.com Removed Cookie: discgolfer.ning.com Removed Cookie: desk.opt.fimserve.com Removed Cookie: ytsa.net Removed Cookie: tube8.com Removed Cookie: etology.com Removed Cookie: srv.etology.com Removed Cookie: www.adparlor.com Removed Cookie: clearspring.com Removed Cookie: www.livenation.com Removed Cookie: ticketmaster.com Removed Cookie: wt.ticketmaster.com Removed Cookie: www.ticketmaster.com Removed Cookie: ads.as4x.tmcs.ticketmaster.com Removed Cookie: recaptcha.net Removed Cookie: de.ticketmaster.com Removed Cookie: app.insightgrit.com Removed Cookie: intuit.com Removed Cookie: contextweb.com Removed Cookie: action.mathtag.com Removed Cookie: turbotax.intuit.com Removed Cookie: hrblock.com Removed Cookie: taxcut.com Removed Cookie: rfihub.com Removed Cookie: myspace.com Removed Cookie: demr.opt.fimserve.com Removed Cookie: deeb.opt.fimserve.com Removed Cookie: desb.opt.fimserve.com Removed Cookie: nb.myspace.com Removed Cookie: defp.opt.fimserve.com Removed Cookie: fimserve.com Removed Cookie: ebay.com Removed Cookie: richmedia.yahoo.com Removed Cookie: ads.ad4game.com Removed Cookie: ad4game.com Removed Cookie: weather.com Removed Cookie: odc.weather.com Removed Cookie: viewmorepics.myspace.com Removed Cookie: api.msappspace.com Removed Cookie: d1.openx.org Removed Cookie: hulu.com Removed Cookie: www.hulu.com Removed Cookie: geocities.com Removed Cookie: wordpress.com Removed Cookie: imdb.com Removed Cookie: kanoodle.com Removed Cookie: youtube.com Removed Cookie: www.tech-archive.net Removed Cookie: tech-archive.net Removed Cookie: www.technologyquestions.com Removed Cookie: technologyquestions.com Removed Cookie: howtogeek.com Removed Cookie: www.askmehelpdesk.com Removed Cookie: askmehelpdesk.com Removed Cookie: walgreens.com Removed Cookie: www.walgreens.com Removed Cookie: ask.com Removed Cookie: turbotaxonline.intuit.com Removed Cookie: www.webcrawler.com Removed Cookie: webcrawler.com Removed Cookie: shopica.com Removed Cookie: www.taxslayer.com Removed Cookie: taxslayer.com Removed Cookie: support.lexisnexis.com Removed Cookie: sharethis.com Removed Cookie: flickr.com Removed Cookie: denimology.co.uk Removed Cookie: glam.com Removed Cookie: ads.10click.com Removed Cookie: service1.predictad.com Removed Cookie: www.banks.com Removed Cookie: banks.com Removed Cookie: 10click.com Removed Cookie: afy11.net Removed Cookie: d2roi.com Removed Cookie: tlal.exelator.net Removed Cookie: countomat.com Removed Cookie: hitbuster.com Removed Cookie: thisis50.com Removed Cookie: gigya.com Removed Cookie: metacafe.com Removed Cookie: vimeo.com Removed Cookie: amgdgt.com Removed Cookie: dailymotion.com Removed Cookie: filmalem.com Removed Cookie: infolinks.com Removed Cookie: mookie1.com Removed Cookie: adinterax.com Removed Cookie: checkout.google.com Removed Cookie: ecom.dfckc.com Removed Cookie: 64.5.219.20 Removed Cookie: business.com Removed Cookie: www.taxactonline.com Removed Cookie: rivals.com Removed Cookie: www.dgcoursereview.com Removed Cookie: dgcoursereview.com Removed Cookie: citizentaxfree.com Removed Cookie: ads.bluelithium.com Removed Cookie: www.scrapgirls.com Removed Cookie: interneka.com Removed Cookie: scrapgirls.com Removed Cookie: thesewphisticatedstitcher.com Removed Cookie: yahoo.net Removed Cookie: store.yahoo.com Removed Cookie: store.yahoo.net Removed Cookie: lovingbabyinc.com Removed Cookie: www.dipity.com Removed Cookie: dipity.com Removed Cookie: feed.ndot.com Removed Cookie: looksmart.com Removed Cookie: www.cheapoair.com Removed Cookie: vegard.net Removed Cookie: medifast1.com Removed Cookie: digg.com Removed Cookie: koa.com Removed Cookie: adventuresunlimited.com Removed Cookie: calendar.sunherald.com Removed Cookie: sunherald.com Removed Cookie: alabama.hometownlocator.com Removed Cookie: hometownlocator.com Removed Cookie: forums.stickitdg.com Removed Cookie: iowadg.com Removed Cookie: discgolfersr.us Removed Cookie: www.discgolfersr.us Removed Cookie: news4jax.com Removed Cookie: www.pdga.com Removed Cookie: discussion.pdga.com Removed Cookie: pdga.com Removed Cookie: cox.com Removed Cookie: cox.net Removed Cookie: walmart.com Removed Cookie: recs.richrelevance.com Removed Cookie: autozone.com Removed Cookie: target.com Removed Cookie: www.sndg.org Removed Cookie: voicefive.com Removed Cookie: analytics.gameforge.de Removed Cookie: ebaumsworld.com Removed Cookie: traffiq.com Removed Cookie: www.blogskinny.com Removed Cookie: platial.com Removed Cookie: eas.apm.emediate.eu Removed Cookie: aumha.net Removed Cookie: computing.net Removed Cookie: invitemedia.com Removed Cookie: bangbros.com Removed Cookie: news.yahoo.com Removed Cookie: d.wwar.biz Removed Cookie: collective-media.net Removed Cookie: mybloglog.com Removed Cookie: roia.biz Removed Cookie: ontheradio.net Removed Cookie: www.carocaptains.com Removed Cookie: carocaptains.com Removed Cookie: tag.admeld.com Removed Cookie: analytics.spongecell.com Removed Cookie: dallasnews.com Removed Cookie: www.dallasnews.com Removed Cookie: health.yahoo.com Removed Cookie: delicious.com Removed Cookie: morbidlyamusingvideos.com Removed Cookie: great-quotes.com Removed Cookie: www.great-quotes.com Removed Cookie: urbandictionary.com Removed Cookie: www.urbandictionary.com Removed Cookie: t.antrck.com Removed Cookie: network.adsmarket.com Removed Cookie: traviangames.com Removed Cookie: travian.com Removed Cookie: dvice.com Removed Cookie: nbcuni.com Removed Cookie: s6.travian.com Removed Cookie: espn.go.com Removed Cookie: bracketography.com Removed Cookie: aol.com Removed Cookie: live.com Removed Cookie: msn.com Removed Cookie: capperspicks.com Removed Cookie: connextra.com Removed Cookie: affiliate.sportsinteraction.com Removed Cookie: nsawins.com Removed Cookie: affiliates.commissionaccount.com Removed Cookie: ads.us.e-planning.net Removed Cookie: warmnetworks.com Removed Cookie: wkrg.com Removed Cookie: mgnetwork.com Removed Cookie: www.nbc15online.com Removed Cookie: centralmediaserver.com Removed Cookie: ibatom.com Removed Cookie: www.ibatom.com Removed Cookie: collarity.com Removed Cookie: fox10tv.com Removed Cookie: americantowns.com Removed Cookie: adtracker.americantowns.com Removed Cookie: navyformoms.com Removed Cookie: ninggadgets.com Removed Cookie: cbs.com Removed Cookie: track.cbs.com Removed Cookie: addictinggames.com Removed Cookie: media.mtvnservices.com Removed Cookie: core.mochibot.com Removed Cookie: wsj.com Removed Cookie: dowjoneson.com Removed Cookie: loomia.com Removed Cookie: lostparks.com Removed Cookie: facebook.livingsocial.com Removed Cookie: badjojo.com Removed Cookie: xhamster.com Removed Cookie: mofosex.com Removed Cookie: ad2.doublepimp.com Removed Cookie: www.tnaflix.com Removed Cookie: tnaflix.com Removed Cookie: constantcontact.com Removed Cookie: www.weather.com Removed Cookie: music.yahoo.com Removed Cookie: zimbio.com Removed Cookie: blogger.com Removed Cookie: celeb9.com Removed Cookie: chitika.net Removed Cookie: gossipteen.com Removed Cookie: info.com Removed Cookie: intelli-direct.com Removed Cookie: cnn.com Removed Cookie: ads.cnn.com Removed Cookie: bigpicweblog.com Removed Cookie: amazon.com Removed Cookie: jutiagroup.com Removed Cookie: cdn.investingchannel.com Removed Cookie: sanebull.com Removed Cookie: ign.com Removed Cookie: ubt.ign.com Removed Cookie: www.ign.com Removed Cookie: movies.ign.com Removed Cookie: rottentomatoes.com Removed Cookie: www.rottentomatoes.com Removed Cookie: current.com Removed Cookie: tidaltv.com Removed Cookie: www.addictinggames.com Removed Cookie: shockwave.com Removed Cookie: twi.checkm8.com Removed Cookie: si.com Removed Cookie: golf.com Removed Cookie: outbrain.com Removed Cookie: trc.taboolasyndication.com Removed Cookie: theknot.com Removed Cookie: tkcm.theknot.com Removed Cookie: weddings.theknot.com Removed Cookie: www.addthis.com Removed Cookie: main.ebayrtm.com Removed Cookie: ebayrtm.com Removed Cookie: euroclick.com Removed Cookie: www999.shopping.com Removed Cookie: go.revlon-sample.com Removed Cookie: hooters.com Removed Cookie: know-where.com Removed Cookie: latimes.com Removed Cookie: www.latimes.com Removed Cookie: dailygrommet.com Removed Cookie: boardgamegeek.com Removed Cookie: www.clickmanage.com Removed Cookie: www.shopalltel.com Removed Cookie: shopalltel.com Removed Cookie: dcs2.alltel.com Removed Cookie: www6.shopalltel.com Removed Cookie: www.alltel.com Removed Cookie: alltel.com Removed Cookie: att.com Removed Cookie: www.wireless.att.com Removed Cookie: wireless.att.com Removed Cookie: wls.wireless.att.com Removed Cookie: searchmarketing.com Removed Cookie: www.nutrisystem.com Removed Cookie: nutrisystem.com Removed Cookie: toseeka.com Removed Cookie: www.kidica.com Removed Cookie: kidica.com Removed Cookie: counter.surfcounters.com Removed Cookie: tracking.foundry42.com Removed Cookie: thecampingsource.com Removed Cookie: amazingmoms.com Removed Cookie: camprecipes.com Removed Cookie: 66.230.188.67 Removed Cookie: mastersofthehunt.com Removed Cookie: blurtit.com Removed Cookie: catalogs.com Removed Cookie: kaboose.com Removed Cookie: resources.kaboose.com Removed Cookie: thebrennans.us Removed Cookie: scribd.com Removed Cookie: www.scribd.com Removed Cookie: www.wkrg.com Removed Cookie: weather.wkrg.com Removed Cookie: offers.gratisnetwork.com Removed Cookie: wwe.com Removed Cookie: www.answers.com Removed Cookie: wiki.answers.com Removed Cookie: answers.com Removed Cookie: a.answers.com Removed Cookie: justin.tv Removed Cookie: www.justin.tv Removed Cookie: civicscience.com Removed Cookie: reference.com Removed Cookie: tumri.net Removed Cookie: weddingmapper.com Removed Cookie: waymarking.com Removed Cookie: cnic.navy.mil Removed Cookie: tripadvisor.com Removed Cookie: opentable.com Removed Cookie: versaillesdining.com Removed Cookie: goodgrits.com Removed Cookie: www.menupix.com Removed Cookie: ads.foodbuzz.com Removed Cookie: menupix.com Removed Cookie: www.urbanspoon.com Removed Cookie: urbanspoon.com Removed Cookie: citysearch.net Removed Cookie: citysearch.com Removed Cookie: myroitracking.com Removed Cookie: ads.clicksor.com Removed Cookie: pctools.com Removed Cookie: flyingdiscmagazine.com Removed Cookie: discnation.com Removed Cookie: www.discnation.com Removed Cookie: paypal.com Removed Cookie: stats.paypal.com Removed Cookie: securestudies.com Removed Cookie: 77.91.228.48 Removed Cookie: www.microsoft.com Removed Cookie: www.hellolocal.com Removed Cookie: hellolocal.com Removed Cookie: download.com Removed Cookie: microsoft.com Removed Cookie: rad.microsoft.com Removed Cookie: store.malwarebytes.org Removed Cookie: download3k.com Removed Cookie: www.download3k.com Removed Cookie: www.google.com Removed Cookie: www.ecdgc.org Removed Cookie: nbcnewyork.com Removed Cookie: fedex.com Removed Cookie: www.fedex.com Removed Cookie: ehg.fedex.com Removed Cookie: images.bestbuy.com Removed Cookie: channelintelligence.com Removed Cookie: www.bestbuy.com Removed Cookie: track.bestbuy.com Removed Cookie: 2867243284.pub.ezanga.com Removed Cookie: ezanga.com Removed Cookie: btcar.com Removed Cookie: trialpay.com Removed Cookie: half.ebay.com Removed Cookie: www.woodlandcampingsupply.com Removed Cookie: about.com Removed Cookie: usmilitary.about.com Removed Cookie: nytimes.com Removed Cookie: rent.com Removed Cookie: www.carrentals.com Removed Cookie: boldchat.com Removed Cookie: advertising.com Removed Cookie: gmodules.com Removed Cookie: kontera.com Removed Cookie: windowsmarketplace.com Removed Cookie: sdc.windowsmarketplace.com Removed Cookie: scorecardresearch.com Removed Cookie: apmebf.com Removed Cookie: majorgeeks.com Removed Cookie: projects.securitywonks.net Removed Cookie: adbrite.com Removed Cookie: avast.com Removed Cookie: ssdc.ups.com Removed Cookie: insightexpressai.com Removed Cookie: farmersopry.com Removed Cookie: adserver.adtechus.com Removed Cookie: wrestlingclique.com Removed Cookie: tacoda.net Removed Cookie: ave99.com Removed Cookie: dlqm.net Removed Cookie: unicast.ign.com Removed Cookie: search.ign.com Removed Cookie: wii.ign.com Removed Cookie: filehippo.com Removed Cookie: wilderssecurity.com Removed Cookie: www.safer-networking.org Removed Cookie: secure.signupsecurity.com Removed Cookie: dkgdiscsports.com Removed Cookie: www.techspot.com Removed Cookie: techspot.com Removed Cookie: searchportal.information.com Removed Cookie: www.cybertechhelp.com Removed Cookie: cybertechhelp.com Removed Cookie: filext.com Removed Cookie: zootube365.com Removed Cookie: www.zootube365.com Removed Cookie: www.subway.com Removed Cookie: sdc.subway.com Removed Cookie: redf.org Removed Cookie: freeforum.avg.com Removed Cookie: roiservice.com Removed Cookie: www.support.com Removed Cookie: winzip.com Removed Cookie: blogs.myspace.com Removed Cookie: openxxx.viragemedia.com Removed Cookie: untd.com Removed Cookie: mcafee.secureie.com Removed Cookie: secure.winferno.com Removed Cookie: winferno.com Removed Cookie: www.techsupportforum.com Removed Cookie: techsupportforum.com Removed Cookie: tracking.realtor.com Removed Cookie: www.realtor.com Removed Cookie: realtor.com Removed Cookie: techguy.org Removed Cookie: ads.techguy.org Removed Cookie: forums.techguy.org Removed Cookie: hfm.checkm8.com Removed Cookie: load.exelator.com Removed Cookie: activevirusshield.com Removed Cookie: self.com Removed Cookie: imagespeech.com Removed Cookie: media.photobucket.com Removed Cookie: photobucket.com Removed Cookie: mapquest.com Removed Cookie: e-2dj6wfmiujc5cep.stats.esomniture.com Removed Cookie: ilike.com Removed Cookie: tuneforums.com Removed Cookie: 80s.tuneforums.com Removed Cookie: bridge1.admarketplace.net Removed Cookie: admarketplace.net Removed Cookie: discgolfassoc.com Removed Cookie: www.discgolfassoc.com Removed Cookie: barnesandnoble.com Removed Cookie: forum.travian.com Removed Cookie: bizrate.com Removed Cookie: a.websponsors.com Removed Cookie: tv.com Removed Cookie: userinstinct.com Removed Cookie: dhh.louisiana.gov Removed Cookie: optimize.indieclick.com Removed Cookie: musicophily.com Removed Cookie: slack-time.com Removed Cookie: gigacrate.com Removed Cookie: top40-charts.com Removed Cookie: blacksportsonline.com Removed Cookie: www.mtv.com Removed Cookie: flux.com Removed Cookie: mtv.com Removed Cookie: food.yahoo.com Removed Cookie: ups.com Removed Cookie: lowpriceshopper.com Removed Cookie: wiiinfo.blogspot.com Removed Cookie: cheatcc.com Removed Cookie: tag.contextweb.com Removed Cookie: gametrailers.com Removed Cookie: cduniverse.com Removed Cookie: www.cduniverse.com Removed Cookie: viacom.adbureau.net Removed Cookie: product-reviews.net Removed Cookie: ads.lucidmedia.com Removed Cookie: gamespot.com Removed Cookie: e-2dj6wflichcpgao.stats.esomniture.com Removed Cookie: e-2dj6wfloupdjmao.stats.esomniture.com Removed Cookie: e-2dj6wjk4snc5edo.stats.esomniture.com Removed Cookie: account.alltel.com Removed Cookie: masters.com Removed Cookie: tmcnet.com Removed Cookie: alltelskins.com Removed Cookie: www.alltelskins.com Removed Cookie: www.florida-agriculture.com Removed Cookie: sdc.doacs.state.fl.us Removed Cookie: adserver.clicklish.com Removed Cookie: www.merchantcircle.com Removed Cookie: merchantcircle.com Removed Cookie: realestate.aol.com Removed Cookie: local.newsherald.com Removed Cookie: newsherald.com Removed Cookie: freedom.com Removed Cookie: local.com Removed Cookie: whrrl.com Removed Cookie: beliefnet.com Removed Cookie: www.beliefnet.com Removed Cookie: feeds.feedburner.com Removed Cookie: farmersmarket.com Removed Cookie: servedby.livemercial.com Removed Cookie: eas4.emediate.eu Removed Cookie: videos.diariometro.es Removed Cookie: metrofrance.com Removed Cookie: soundboard.com Removed Cookie: www.soundboard.com Removed Cookie: lycos.com Removed Cookie: openads.odeo.com Removed Cookie: odeo.com Removed Cookie: freebase.com Removed Cookie: people.com Removed Cookie: perfectpeople.net Removed Cookie: videosift.com Removed Cookie: nbc.com Removed Cookie: yumenetworks.com Removed Cookie: s.clickability.com Removed Cookie: nbcphiladelphia.com Removed Cookie: madblast.com Removed Cookie: dmtracker.com Removed Cookie: new.music.yahoo.com Removed Cookie: www.smsblaze.com Removed Cookie: smsblaze.com Removed Cookie: playoscreen.com Removed Cookie: kijiji.com Removed Cookie: pensacola.kijiji.com Removed Cookie: nhl.com Removed Cookie: versus.com Removed Cookie: www.versus.com Removed Cookie: feeds.accuscore.com Removed Cookie: visitpensacola.com Removed Cookie: aus2.mozilla.org Removed Cookie: download.mozilla.org Removed Cookie: banner.getyourglamtone.com Removed Cookie: reviews.metroguide.com Removed Cookie: trvlnet.adbureau.net Removed Cookie: mozilla.com Removed Cookie: puzzlepirates.com Removed Cookie: yppedia.puzzlepirates.com Removed Cookie: forums.puzzlepirates.com Removed Cookie: mp3lyrics.org Removed Cookie: edit.mp3lyrics.org Removed Cookie: rhapsody.com Removed Cookie: p-real.com Removed Cookie: metrolyrics.com Removed Cookie: videoegg.adbureau.net Removed Cookie: as.clearspring.com Removed Cookie: www.mp3lyrics.org Removed Cookie: letssingit.com Removed Cookie: artists.letssingit.com Removed Cookie: loadan.exelator.net Removed Cookie: modbee.com Removed Cookie: modesto.planetdiscover.com Removed Cookie: www.modbee.com Removed Cookie: iacas.adbureau.net Removed Cookie: wunderloop.net Removed Cookie: chick-fil-a.com Removed Cookie: groups.yahoo.com Removed Cookie: ad.backtalkmedia.com Removed Cookie: packrattools.com Removed Cookie: twitter.com Removed Cookie: ads.imarketservices.com Removed Cookie: harvest99.adgardener.com Removed Cookie: mvn.com Removed Cookie: ordie.adbureau.net Removed Cookie: bleacherreport.com Removed Cookie: analytics.bleacherreport.com Removed Cookie: ballhype.com Removed Cookie: northjersey.com Removed Cookie: ad.sbnation.com Removed Cookie: fromtherink.com Removed Cookie: www.fromtherink.com Removed Cookie: icehockey.suite101.com Removed Cookie: www.suite101.com Removed Cookie: suite101.com Removed Cookie: emjcd.com Removed Cookie: www.swoopo.com Removed Cookie: airtran.com Removed Cookie: tickets.airtran.com Removed Cookie: offermatica.com Removed Cookie: expedia.com Removed Cookie: media.expedia.com Removed Cookie: extras.expedia.com Removed Cookie: delta.com Removed Cookie: www.delta.com Removed Cookie: cafepress.com Removed Cookie: adparlor.com Removed Cookie: thepittsburghchannel.com Removed Cookie: wesh.com Removed Cookie: www.thepittsburghchannel.com Removed Cookie: wmur.com Removed Cookie: msnbc.msn.com Removed Cookie: behindthesteelcurtain.com Removed Cookie: pulse360.com Removed Cookie: www.behindthesteelcurtain.com Removed Cookie: wtrf.com Removed Cookie: www.wtrf.com Removed Cookie: bs.serving-sys.com Removed Cookie: serving-sys.com Removed Cookie: imrworldwide.com Removed Cookie: softpedia.com Removed Cookie: news.softpedia.com Removed Cookie: shivaranjan.com Removed Cookie: www.shivaranjan.com Removed Cookie: pctipsbox.com Removed Cookie: www.pctipsbox.com Removed Cookie: cryptagon.adspirit.de Removed Cookie: fox.com Removed Cookie: forums.fox.com Removed Cookie: ubi.com Removed Cookie: hellskitchenvideogame.us.ubi.com Removed Cookie: www.tsn.ca Removed Cookie: ctv.ca Removed Cookie: eyereturn.com Removed Cookie: www.about.com Removed Cookie: search.about.com Removed Cookie: at.atwola.com Removed Cookie: home.swinglifestyle.com Removed Cookie: realmedia.com Removed Cookie: casalemedia.com Removed Cookie: network.realmedia.com Removed Cookie: www.hbo.com Removed Cookie: southwest.com Removed Cookie: d.southwest.com Removed Cookie: d.admazing.com Removed Cookie: fb.familylink.com Removed Cookie: ad.accelerator-media.com Removed Cookie: www.neoseeker.com Removed Cookie: samsfuncity.com Removed Cookie: blog.puzzlepirates.com Removed Cookie: nintendo.com Removed Cookie: www.nintendo.com Removed Cookie: madison.com Removed Cookie: nbc15.com Removed Cookie: www.nbc15.com Removed Cookie: www.burstbeacon.com Removed Cookie: ign64.ign.com Removed Cookie: adultfriendfinder.com Removed Cookie: ad.adnetinteractive.com Removed Cookie: rewardtv.com Removed Cookie: ardhindie.com Removed Cookie: www.ardhindie.com Removed Cookie: www.buddytv.com Removed Cookie: buddytv.com Removed Cookie: statcounter.com Removed Cookie: fridaynightlightsinsider.com Removed Cookie: tvfanatic.com Removed Cookie: directv.com Removed Cookie: www.directv.com Removed Cookie: a.directv.com Removed Cookie: www.nbc.com Removed Cookie: myspacecdn.com Removed Cookie: music.myspace.com Removed Cookie: www.hyfntrak.com Removed Cookie: huffingtonpost.com Removed Cookie: crwdcntrl.net Removed Cookie: www.dickssportinggoods.com Removed Cookie: dickssportinggoods.com Removed Cookie: shop.nhl.com Removed Cookie: aggregateknowledge.com Removed Cookie: dotomi.com Removed Cookie: dtmpub.com Removed Cookie: www.canoeklix.com Removed Cookie: lfpress.ca Removed Cookie: slam.canoe.ca Removed Cookie: www.pennlive.com Removed Cookie: pennlive.com Removed Cookie: slide.com Removed Cookie: ebay.com.sg Removed Cookie: sg.ebayrtm.com Removed Cookie: forums.kingdomofloathing.com Removed Cookie: more-banners.com Removed Cookie: examiner.com Removed Cookie: www.examiner.com Removed Cookie: penguins.nhl.tv Removed Cookie: viddler.com Removed Cookie: ads.viddler.com Removed Cookie: fwmrm.net Removed Cookie: swoopo.com Removed Cookie: promotr.biz Removed Cookie: linotraffic.com Removed Cookie: www.abcjmp.com Removed Cookie: www5.findstuff.com Removed Cookie: 7577.91417.primosearch.com Removed Cookie: lookfamilytravel.com Removed Cookie: lookcollegesports.com Removed Cookie: 67.201.36.16 Removed Cookie: sourceforge.net Removed Cookie: ccleaner.com C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\tw6763fm.default\downloads.sqlite 19.00KB Firefox/Mozilla Temporary Internet Cache (249 files) 58.1MB C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\tw6763fm.default\GoogleToolbarData\searchhistory.xml 25.55KB C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt00.sqm 368 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt01.sqm 1.06KB C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt02.sqm 920 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt03.sqm 244 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt04.sqm 368 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt05.sqm 244 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt06.sqm 612 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt07.sqm 244 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt08.sqm 820 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3808000226\sqmnoopt09.sqm 244 bytes C:\Documents and Settings\Tim\Application Data\Microsoft\MSN Messenger\3106805897\sqmnoopt00.sqm 316 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\assets.espn.go.com\s_br.sol 64 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\bin.clearspring.com\clearspring.sol 1,018 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cache.reverbnation.com\com.quantserve.sol 74 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cache.reverbnation.com\widgets\swf\28\blog_player.swf\flashwidgetPlayerCookie.sol 58 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cdn-static.viddler.com\flash\player633.swf\undefined.sol 174 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cdn-static.viddler.com\flash\player656.swf\undefined.sol 213 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cdn.neulion.net\prefs.sol 37 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cdn.neulion.net\s_br.sol 35 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf\configData.sol 290 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf\sessionData.sol 137 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf\userData.sol 97 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\core.mochibot.com\com.mochibot.sol 105 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\core.videoegg.com\#com\videoegg\Lookery.sol 95 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\core.videoegg.com\#com\videoegg\Tearsheet.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\core.videoegg.com\#ve\admanager.sol 73 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cosmos.bcst.yahoo.com\COSMOSPrefs.sol 76 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\cosmos.bcst.yahoo.com\COSMOS_FOP.sol 62 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\d.scribd.com\ScribdViewer.swf\instance_identifier.sol 79 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\d.scribd.com\ScribdViewer.swf\scribdSettings.sol 65 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\d.yimg.com\COSMOSPrefs.sol 76 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\d.yimg.com\COSMOS_FOP.sol 88 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\dfckc.com\FlashCookieCASComputerId.sol 93 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\flash.quantserve.com\com.quantserve.sol 74 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\i2.current.com\s_br.sol 35 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\images-na.ssl-images-amazon.com\images\G\16\00\00\03\93\99\82\393998250.swf\MultiStoryModule_msm.sol 50 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\images.delta.com.edgesuite.net\s_br.sol 41 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\include.classistatic.com\include\c3js\classifieds\rel1\FLASH\flashCookie.swf\flashCookie.sol 2.41KB C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\include.classistatic.com\include\c3js\classifieds\rel1\FLASH\getMachId.swf\mach_data.sol 177 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\interclick.com\ud.sol 139 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\ford\090421\a\__yFPT_time.sol 124 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\healthy_choice\g\__yFPT_time.sol 124 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\healthy_choice\k\__yFPT_time.sol 124 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\infiniti\090326\a\container.swf\swfCounter.sol 52 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\infiniti\090326\container.swf\swfCounter.sol 52 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\tdameritrade\090330\b\container.swf\swfCounter.sol 54 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\verizon\090323\__yFPT_time.sol 130 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\visa\090320\b\metro\e1.swf\__yFPT_time.sol 124 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\l.yimg.com\a\a\1-\java\promotions\visa\090405\a\metro\e1.swf\__yFPT_time.sol 124 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\lads.myspace.com\videos\Main.swf\preferences.sol 187 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\letssingit.com\ZG9hbHRob3VnaA%3D%3D.sol 55 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\localhost\core.sol 53 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.mtvnservices.com\global\apps\player\flex\Loader.swf\loaderLogging.sol 54 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.mtvnservices.com\global\apps\player\gui\com\mtvnservices\media\player\gui\FFMod.swf\ffGUILogging.sol 52 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.mtvnservices.com\player\loader\loaderLogging.sol 54 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.mtvnservices.com\player\release\DownShiftHistory.sol 60 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.mtvnservices.com\player\release\MetadataHistory.sol 1.28KB C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.mtvnservices.com\player\release\playerCounter.sol 229 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.mtvnservices.com\player\release\userPrefs.sol 426 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.resulthost.org\adbanners.sol 435 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.resulthost.org\banner_data.sol 496 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.resulthost.org\campaigns.sol 96 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.resulthost.org\sources.sol 257 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.resulthost.org\user_data.sol 60 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.scanscout.com\SS_ARE_CatFreqHist.sol 223 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.scanscout.com\SS_ARE_RPCAdHistory.sol 165 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.scanscout.com\SS_ARE_UserData.sol 147 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.tattomedia.com\adbanners.sol 379 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.tattomedia.com\banner_data.sol 479 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.tattomedia.com\campaigns.sol 147 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.tattomedia.com\sources.sol 203 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\media.tattomedia.com\user_data.sol 60 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\mochiads.com\com.mochiads.sol 435 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\mochiads.com\ee64cd89c88a77dc.sol 107 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\objects.tremormedia.com\com.tremormedia.acudeocomponent.sol 162 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol 94 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\playback.rhapsody.com\-static\players\engine\som_1_0_2.swf\userData1.sol 981 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\player.play.it\player\yimPlayer\yplayer.swf\WM_R_YAHOO.sol 169 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\s.wsj.net\media\swf\microPlayer.swf\so_WSJ_Volume.sol 53 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\s.ytimg.com\soundData.sol 58 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\s.ytimg.com\videostats.sol 199 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\sa.kewego.com\swf\p3\epix.swf\KewegoEPIX_userData.sol 296 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\secureinclude.ebaystatic.com\ebayLSO.sol 160 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\secureinclude.ebaystatic.com\ebayT.sol 39 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\swfs.ilike.com\actions.sol 145 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\swfs.ilike.com\cm_audioPlayer.sol 86 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\swfs.ilike.com\cm_mediaPlayer.sol 86 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\swfs.ilike.com\cm_videoPlayer.sol 86 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\tubemogul.com\InPlayCounts.sol 115 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\tubemogul.com\StreamMinerInfo.sol 59 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\udn.specificclick.net\ufo.sol 33 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\us.mg2.mail.yahoo.com\cookies.sol 67 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\us.mg3.mail.yahoo.com\cookies.sol 67 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\us.mg4.mail.yahoo.com\cookies.sol 67 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol 94 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\video.nbcuni.com\AdPolicyInfo.sol 111 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\vizu.com\acUserData.sol 239 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\widgets.nbcuni.com\GTSVolume.sol 56 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\widgets.nbcuni.com\s_br.sol 41 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.addictinggames.com\D78AQSAKQLQWI9\5578.swf\userHighScore.sol 49 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.cbs.com\com.quantserve.sol 74 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.dailymotion.com\flash\dmplayer\dmplayer.swf\dmplayer.sol 89 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.hooters.com\HOA_Cache.sol 131 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.hooters.com\_modules\events.swf\TestMovie_Config_Info.sol 341 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.hulu.com\BeaconService.sol 85 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.hulu.com\BeaconServiceV2.sol 491 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.hulu.com\com.quantserve.sol 74 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.hulu.com\player.swf\Lightningcast.sol 56 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.hulu.com\player.swf\NewSitePlayer.sol 324 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.justin.tv\com.quantserve.sol 74 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.justin.tv\jtv_settings.sol 13.14KB C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.mofosex.com\censoredYouJapan.swf\player_settings.sol 47 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.paypal.com\paypalLSO.sol 111 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.paypal.com\ppLsoTest.sol 48 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.ripetv.com\s_br.sol 518 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.thepittsburghchannel.com\download\sh\images\flash\mediawindow_320x340_v1.swf\mediaWindowSO4.sol 59 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.tnaflix.com\player_v0.2.1.swf\flixstream_volume.sol 49 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.wwe.com\swf\ep\player.swf\toutep.sol 536 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.youtube.com\videostats.sol 199 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.zootube365.com\swf\player.swf\xmoov.sol 78 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\www.zootube365.com\swf\player.swf\xmoov_zootube365.sol 76 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\Q2P6BCP4\zone.msn.com\binGame\strd\default\game.swf\playerData.sol 133 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#assets.espn.go.com\settings.sol 88 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol 89 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.reverbnation.com\settings.sol 92 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-static.viddler.com\settings.sol 92 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.neulion.net\settings.sol 85 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.taboolasyndication.com\settings.sol 96 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com\settings.sol 93 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com\settings.sol 87 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com\settings.sol 87 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cosmos.bcst.yahoo.com\settings.sol 91 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.scribd.com\settings.sol 82 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.yimg.com\settings.sol 80 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dfckc.com\settings.sol 79 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol 90 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i2.current.com\settings.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images-na.ssl-images-amazon.com\settings.sol 101 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.delta.com.edgesuite.net\settings.sol 100 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#include.classistatic.com\settings.sol 94 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com\settings.sol 80 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspace.com\settings.sol 86 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#letssingit.com\settings.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 75 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com\settings.sol 92 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.resulthost.org\settings.sol 90 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com\settings.sol 89 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.tattomedia.com\settings.sol 90 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com\settings.sol 82 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol 93 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com\settings.sol 99 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#playback.rhapsody.com\settings.sol 91 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.play.it\settings.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.wsj.net\settings.sol 79 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol 81 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sa.kewego.com\settings.sol 83 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secureinclude.ebaystatic.com\settings.sol 98 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.twitter.com\settings.sol 88 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static4.livenation.com\settings.sol 92 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#swfs.ilike.com\settings.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tubemogul.com\settings.sol 83 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#udn.specificclick.net\settings.sol 91 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.mg2.mail.yahoo.com\settings.sol 91 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.mg3.mail.yahoo.com\settings.sol 91 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.mg4.mail.yahoo.com\settings.sol 91 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.google.com\settings.sol 86 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.nbcuni.com\settings.sol 86 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vizu.com\settings.sol 78 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widgets.clearspring.com\settings.sol 93 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widgets.nbcuni.com\settings.sol 88 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.addictinggames.com\settings.sol 92 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.cbs.com\settings.sol 81 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com\settings.sol 89 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hooters.com\settings.sol 85 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hulu.com\settings.sol 82 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.justin.tv\settings.sol 83 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mofosex.com\settings.sol 85 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.paypal.com\settings.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ripetv.com\settings.sol 84 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.thepittsburghchannel.com\settings.sol 98 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.tnaflix.com\settings.sol 85 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.weather.com\settings.sol 85 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.wwe.com\settings.sol 81 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.zootube365.com\settings.sol 88 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zone.msn.com\settings.sol 82 bytes C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 1.77KB C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\digest.s 2.78KB C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 1.80MB C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 1.42MB C:\Documents and Settings\Tim\Application Data\Real\RealPlayer\realplayer.ste 709 bytes C:\Documents and Settings\Tim\Application Data\Real\RealPlayer\History\Sex - Seymore Butts - Female Ejaculat....lnk 1.94KB C:\Program Files\Common Files\Real\Update_OB\RealPlayer-log.txt 72.66KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{07E25A98-25B2-4053-9752-2D01112D9961} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{2431C0EF-B61A-4D93-8EBA-6F4D6E619A11} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{45C6050A-B8C7-4FED-9D86-6A49EB57C642} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{556751BA-B609-4115-969A-B477D1E17BD2} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{84911722-DC57-4347-BFF4-93DA90233DE1} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{8BA6C9FB-1F7E-4D28-8EC2-6677B75843FA} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{E1F124BE-8D3C-490C-AC56-875E35E8C48F} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{EEEAF3E1-901F-4F42-9F6C-8266C6D3114D} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick\{EFBEDC77-D67F-49AF-8409-2B844EE85F77} 5.43KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{0B1048D6-CAB2-4A4C-97F6-7AA500EEFCA7} 5.72KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{0DD2BA8A-93E9-4FCC-925B-88B3F16AE8BE} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{104F6ED6-B474-456B-ABD3-FF0CE4A5C6D3} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{12FF5E5E-977F-4F9E-9410-BDDED0393C06} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{16FAF5D8-4964-48C6-8AD0-40CB6135C044} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{17C10070-D768-4152-A574-3E44416419BC} 5.68KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{1B48618E-B5B6-47A9-B92B-5F408ED05A9A} 5.72KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{24946F40-3DFE-41DF-A365-7BEDFD47A230} 5.69KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{33EB05DD-45EA-476B-9C9C-A1E1E9EB24EE} 5.82KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{36FCD515-E23D-4F84-81E9-88518CE74200} 5.75KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{39B5529B-ADC7-4BFB-8327-934768485E62} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{3C1CDDD7-495C-4DE8-B0E2-1FDEF1205503} 5.75KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{42A7D894-DF3B-4B4F-A37B-673D64F8C889} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{431D0BBF-4E5E-4A25-88F6-D680EA5DDEAC} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{44D27BBB-10EA-479C-8566-A5B179E2CD81} 6.02KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{4508B39E-F83A-4595-BB02-83551B24EDA7} 5.73KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{451E81F2-1C04-4DD3-8059-4FE424720DC4} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{457925C7-355C-4BB8-A397-EC749B98708B} 5.75KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{5CCE7629-5CCC-40F1-86C4-DDB7C7724FE7} 5.74KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{61210CE8-70C5-447E-8DFD-07C21FEBAD8E} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{629A1D88-E67E-4732-BA2C-5CBA9997C5FF} 6.01KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{65E8A8BA-E087-46EB-8BC5-D350C59A1130} 5.70KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{6C4CA437-BBE8-4DEC-939F-8EE2F0F186E8} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{79BAA5DA-76EC-414B-97D0-221580C72928} 5.74KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{7C498AD9-0E00-44F7-9193-8D162D6D9D9E} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{842759F4-E626-479B-BB38-C3F486E029B8} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{8CFC3092-A820-43BA-A552-FE25754D11C8} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{94376BCE-4EAA-4985-82BE-96D995E6AF12} 5.72KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{949216F4-EFFE-4C8C-AA7E-18298A3A21DE} 5.70KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{A34E488B-216B-453B-A6B0-A596F70A5A2F} 5.70KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6339FA8-BDA4-4106-AD30-EEC68FC2FAAE} 5.68KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{A9DA955C-C917-40C0-A488-FD57BEB4C20C} 5.88KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{AC90D996-3AC9-48A5-8817-1CEE068FCC75} 5.75KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{AC9FAC60-5901-4A5A-B9D9-44B780D3F6E6} 5.68KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0259435-B712-4CF1-9E66-747179D6E8B2} 5.88KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{B7D0D080-CB86-4344-8131-AA6792EDAA80} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{BB901EA6-EF95-4126-B486-A21DA700532C} 5.72KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{BBB0F96F-955E-4D1E-B57D-21A2CD9E5703} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{BDC53584-510E-4823-A3A5-DAE33865AA84} 5.68KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{C55B9C18-F2EF-4E94-9B8A-0AEFA897216F} 5.99KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{C64F2230-4D9E-43BA-B9C6-22958BF7897F} 5.74KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{C7E5C6C4-CF13-4CCD-89F7-5FBCCD2F4829} 5.87KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{CB0BBF89-ACE8-486A-A547-E36DB711B922} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{D5B13377-FD1D-4EBF-9E58-91AC38510A3C} 5.88KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{E1B35D49-4532-4F22-84DD-BF8700AD6B10} 5.72KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{E5A0A45C-4135-49A2-841D-DC61E35A90E5} 5.75KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{E5F72E56-0D50-4FD1-8A9B-E4F80DA17C83} 5.73KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{EC13F2E4-7BB1-41AB-88BB-3D23A100B269} 5.72KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{F1F499CF-1933-46B1-9934-D9317CCEDB96} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{FBB74109-3F2D-4879-8879-B65B7D838E87} 5.71KB C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{FE3E2FE9-AD84-4579-B46E-92CBE4F328D2} 5.75KB ------------------------------------------------------------------------------------------ -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Tuesday, April 21, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Wednesday, April 22, 2009 02:42:33 Records in database: 2067570 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 104946 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 01:47:27 File name / Threat name / Threats count C:\Documents and Settings\Tim\Incomplete\T-4620425-superman.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1 The selected area was scanned.

Malwarebytes' Anti-Malware 1.36 Database version: 1974 Windows 5.1.2600 Service Pack 3 4/13/2009 6:59:00 AM mbam-log-2009-04-13 (06-59-00).txt Scan type: Quick Scan Objects scanned: 86517 Time elapsed: 5 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:00:37 AM, on 4/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\SYSTEM32\NOTEPAD.EXE C:\Documents and Settings\Tim\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.mcafee.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://msn.worldwinner.com/games/v47/share...GamesLoader.cab O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games

I searched in the areas you asked as well as I did a system "search" and I couldn't locate that file.

okay I deleted the proxy file I have copied and zipped the files you asked for... I didn't find "c:\windows\system32\drivers\hequllca.sys" and I found a "c:\windows\system32\drivers\npfs.sys" so I attached it too, because it was close and I wasn't sure if that was it or not I await further instructions Thanks for the help!! Infection.zip Infection.zip

They seemed to be from Sept 2008, no idea what they were, so as you suggested I did delete them